MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c9c61def8609f0788e0fd95eaaa60dfd25b1e156ef3ed899cfdfbc7b456043a2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



HawkEye


Vendor detections: 3



SHA256 hash: c9c61def8609f0788e0fd95eaaa60dfd25b1e156ef3ed899cfdfbc7b456043a2
SHA3-384 hash: d9ce294d58a167e355d1f1b9a27a0bbe072517e2cab478b453e54d8588c6acb63f8dfce61ce2bc7a6f01bbb528ebc5fc
SHA1 hash: 2afb17989b915c2b5a627aa9949d31e0e990d0de
MD5 hash: 06806568f06cbbca24615610c7e40b09
humanhash: wyoming-wyoming-princess-beer
File name: Confirm Your Details In The Invoice-2020.pdf.z
Signature: HawkEye
File size: 533'127 bytes
First seen: 2020-05-20 12:10:24 UTC
Last seen: Never
File type: z
MIME type: application/gzip
ssdeep: 12288:QvsCZTDIFIZpk8lfmznhpu1Q/SSMz6+Sm+csvaMgiWcxVu0kaP0iSP0S:OsC5DIlnrhg1CSS06+WFaMh6a9ScS
TLSH: 94B42305C9F57B39353E65E2362662D98C87A396740837FB8F1902DB384DFB02869399
Reporter: abuse_ch
Tags: HawkEye z


abuse_ch
Malspam distributing HawkEye:

HELO: gl-host101.tenten.cloud
Sending IP: 150.95.111.186
From: JAWAD BUSINESS GROUP LLC <sp@bansalspinning.com>
Reply-To: kofidersa@outlook.com
Subject: RE: Invoice Details Incorrect
Attachment: Confirm Your Details In The Invoice-2020.pdf.z (contains "Confirm Your Details In The Invoice-2020.pdf.exe")

HawkEye FTP exfil server:
ftp.triplelink.co.th:21

Intelligence


File Origin
# of uploads: 1
# of downloads: 90
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-20 08:22:11 UTC
File Type: Binary (Archive)
Extracted files: 295
AV detection: 28 of 48 (58.33%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

HawkEye

z c9c61def8609f0788e0fd95eaaa60dfd25b1e156ef3ed899cfdfbc7b456043a2 (this sample)

Dropping: HawkEye
Delivery method: Distributed via e-mail attachment
